package com.framework.core.config;


import cn.dev33.satoken.stp.StpUtil;
import com.framework.common.auto.ThreadLocalUtils;
import com.framework.common.utils.RedisUtils;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.HandlerInterceptor;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * 拦截器 token信息解析后保存到私有线程 ThreadLocal
 *
 * @author lihanbo
 */
@Component
@Slf4j
public class UserAuthRestInterceptor implements HandlerInterceptor {

    @Autowired
    private RedisUtils redisUtils;

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        if (StpUtil.isLogin()) {
            ThreadLocalUtils.setLoginid(StpUtil.getLoginId().toString());
        }
//        Enumeration<String> names = request.getParameterNames();
//        while (names.hasMoreElements()) {
//            String name = names.nextElement();
//            String[] values = request.getParameterValues(name);
//            for (String value : values) {
//                //sql注入直接拦截
//                if (judgeSQLInject(value.toLowerCase())) {
//                    HttpClientUtils.write(response, CommonResult.failed("参数含有非法攻击字符,已禁止继续访问"));
//                    return false;
//                }
//                //跨站xss清理
//                clearXss(value);
//            }
//        }
        return true;
    }

    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
        ThreadLocalUtils.remove();
        HandlerInterceptor.super.afterCompletion(request, response, handler, ex);
    }


    /**
     * 判断参数是否含有攻击串
     *
     * @param value
     * @return
     */
    public boolean judgeSQLInject(String value) {
        if (value == null || "".equals(value)) {
            return false;
        }
        String xssStr = "and|or|select|update|delete|drop|truncate|%20|=|--|;|'|%|#|+|,|//|/| |\\|!=|(|)";
        String[] xssArr = xssStr.split("\\|");
        for (int i = 0; i < xssArr.length; i++) {
            if (value.contains(xssArr[i])) {
                return true;
            }
        }
        return false;
    }

    /**
     * 处理跨站xss字符转义
     *
     * @param value
     * @return
     */
    private String clearXss(String value) {
        if (value == null || "".equals(value)) {
            return value;
        }
        value = value.replaceAll("<", "<").replaceAll(">", ">");
        value = value.replaceAll("\\(", "(").replace("\\)", ")");
        value = value.replaceAll("'", "'");
        value = value.replaceAll("eval\\((.*)\\)", "");
        value = value.replaceAll("[\\\"\\\'][\\s]*javascript:(.*)[\\\"\\\']",
                "\"\"");
        value = value.replace("script", "");
        return value;
    }

}
